[Snort-users] barnyard errors

Bamm Visscher bamm at ...539...
Thu Jul 17 14:19:11 EDT 2003


Hrm. I am at a loss. Maybe Andrew can help when he gets some time.

Bammkkkk

On Thu, Jul 17, 2003 at 05:05:51PM -0400, Scott Renna wrote:
> target=NONE
> verbose=
> x_includes=NONE
> ...skipping...
>   CPPFLAGS="${CPPFLAGS} -DENABLE_MYSQL"
> 
> 
> 
> ***************************
> Scott Renna
> Head Systems Administrator
> Dynamic Animation Systems
> 703-503-0500
> 
> *************************** 
> 
> -----Original Message-----
> From: Bamm Visscher [mailto:bamm at ...539...] 
> Sent: Thursday, July 17, 2003 4:58 PM
> To: Scott Renna
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] barnyard errors
> 
> 
> In your 'configure', does your CPP_FLAGS include -DENABLE_MYSQL?
> 
> Bammkkkk
> 
> On Thu, Jul 17, 2003 at 04:56:12PM -0400, Scott Renna wrote:
> > Would you recommend I drop the version of mysql back down to 3.23?
> > Will that solve the problem in this case?
> > 
> > Here's what my op_plugbase.c file looks like
> > 
> > #ifdef ENABLE_MYSQL
> > #include "op_acid_db.h"
> > #endif
> > #include "op_alert_csv.h"
> > 
> > 
> > /* ----------------------- Global Data --------------------------*/ 
> > OutputPluginListNode *outputPlugins = NULL;
> > 
> > /* ----------------------- Global Functions --------------------------*/
> > void LoadOutputPlugins() {
> >     LogMessage("Loading Built-in Output Plugins...\n");
> > 
> >     AlertFastOpInit();
> >     AlertSyslogOpInit();
> >     LogDumpOpInit();
> >     LogPcapOpInit();
> > #ifdef ENABLE_MYSQL
> >     AcidDbOpInit();
> > #endif
> >     AlertCSVOpInit();
> >     return;
> > 
> > it's located in the src directory right under barnyard...does it need 
> > to be moved elsewhere?
> > 
> > 
> > ***************************
> > Scott Renna
> > Head Systems Administrator
> > Dynamic Animation Systems
> > 703-503-0500
> > 
> > ***************************
> > 
> > -----Original Message-----
> > From: Bamm Visscher [mailto:bamm at ...539...]
> > Sent: Thursday, July 17, 2003 4:45 PM
> > To: Scott Renna
> > Cc: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] barnyard errors
> > 
> > 
> > I assume you did this because you are using mysql4?
> > 
> > Sounds like that may be your problem. If ENABLE_MYSQL isn't defined 
> > correctly, then barnyard won't know op_acid_db exists:
> > 
> >   From op_plugbase.c -
> >     #ifdef ENABLE_MYSQL
> >     #include "op_acid_db.h"
> >     #endif
> > 
> > Bammkkkk
> > 
> > 
> > On Thu, Jul 17, 2003 at 04:41:55PM -0400, Scott Renna wrote:
> > > I actually reconfiged barnyard with the --enable-mysql switch. It
> > > wasn't working initially, then someone else on the list recommended I
> > > locate the lines in the configure file and change them from
> > > mysql_connect to my_connect. After that, I was able to run configure
> > > and install it.
> > > 
> > > Is that the right way to go about this or no?
> > > 
> > > Should I give it another go?
> > > 
> > > 
> > > 
> > > ***************************
> > > Scott Renna
> > > Head Systems Administrator
> > > Dynamic Animation Systems
> > > 703-503-0500
> > > 
> > > ***************************
> > > 
> > > -----Original Message-----
> > > From: snort-users-admin at lists.sourceforge.net
> > > [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Bamm
> > > Visscher
> > > Sent: Thursday, July 17, 2003 4:25 PM
> > > To: snort-users at lists.sourceforge.net
> > > Subject: Re: [Snort-users] barnyard errors
> > > 
> > > 
> > > Shot in the dark here, but are you sure mysql was enabled during the
> > > configure and subsequent make? If not, support for the op_acid plugin
> > > may not be there.
> > > 
> > > Bammkkkk
> > > 
> > > On Thu, Jul 17, 2003 at 03:51:53PM -0400, Scott Renna wrote:
> > > > config hostname: xxxxxx
> > > > config interface: dc0
> > > > config filter: not port 22
> > > > 
> > > > processor dp_alert
> > > > processor dp_log
> > > > processor dp_stream_stat
> > > > 
> > > > output alert_fast
> > > > output log_dump
> > > > 
> > > > output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user root, password xxxxxx
> > > > output log_acid_db: mysql, database snort, server localhost, user root, password xxxxx, detail full
> > > > 
> > > > 
> > > > I will change the user for database logging from root once it's 
> > > > all good and tidy. Am I supposed to have file names following the 
> > > > alert_fast and log_dump items?  Initially I had 
> > > > /var/log/snort/fast.alert and /var/log/snort/log.dump
> > > > 
> > > > Scott
> > > > 
> > > > 
> > > > ***************************
> > > > Scott Renna
> > > > Head Systems Administrator
> > > > Dynamic Animation Systems
> > > > 703-503-0500
> > > > 
> > > > ***************************
> > > > 
> > > > -----Original Message-----
> > > > From: snort-users-admin at lists.sourceforge.net
> > > > [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Bamm
> > > > Visscher
> > > > Sent: Thursday, July 17, 2003 3:26 PM
> > > > To: snort-users at lists.sourceforge.net
> > > > Subject: Re: [Snort-users] barnyard errors
> > > > 
> > > > 
> > > > Can you please include the uncommented portions of your
> > > > barnyard.conf.
> > > > 
> > > > Bammkkkk
> > > > 
> > > > On Thu, Jul 17, 2003 at 03:07:49PM -0400, Scott Renna wrote:
> > > > > Ok,
> > > > > 
> > > > > So I took a look at the config file and made some changes, but
> > > > > I'm still running into weird errors when starting barnyard:
> > > > > 
> > > > > -*> Barnyard! <*-
> > > > > Version 0.1.0 (Build 17)
> > > > > By Andrew R. Baker (andrewb at ...950...)
> > > > > and Martin Roesch (roesch at ...1935..., www.snort.org)
> > > > > 
> > > > > Loading Data Processors...
> > > > > dp_alert loaded
> > > > > dp_log loaded
> > > > > dp_stream_stat loaded
> > > > > Loading Built-in Output Plugins...
> > > > > Fast Alert plugin initialized
> > > > > AlertSyslog initialized
> > > > > Log Dump plugin initialized
> > > > > LogPcap initialized
> > > > > AlertCSV initialized
> > > > > Parsing Config file: /usr/local/etc/barnyard.conf WARNING
> > > > > /usr/local/etc/barnyard.conf(135) => Unknown output plugin
> > > > > "alert_acid_db" referenced, ignoring!WARNING
> > > > > /usr/local/etc/barnyard.conf(136) => Unknown output plugin
> > > > > "log_acid_db" referenced, ignoring!Archive Directory is NULL
> > > > > Config File =/usr/local/etc/barnyard.conf
> > > > > Log Dir=/var/log/snort/barnyard/
> > > > > Spool Dir=/var/log/snort
> > > > > Spool File=snort.alert
> > > > > Waldo File=/var/log/snort/waldo.log
> > > > > Sid File=/usr/local/etc/snort/sid-msg.map
> > > > > Gen File=/usr/local/etc/snort/gen-msg.map
> > > > > Hostname=bsdtest
> > > > > Interface=dc0
> > > > > Filter=not port 22
> > > > > Record Number: 0
> > > > > Log Flag: 1
> > > > > Verbosity Level=0
> > > > > File Arg Start: 0
> > > > > Dry Run mode enabled
> > > > > commandline: barnyard -c /usr/local/etc/barnyard.conf -f 
> > > > > /var/log/snort.log -g /usr/local/etc/snort/gen-msg.map -s 
> > > > > /usr/local/etc/snort/sid-msg.map -L /var/log/snort/barnyard/ -w 
> > > > > /var/log/snort/waldo.log -R
> > > > > 
> > > > > 
> > > > > 
> > > > > Here's the weird part, it says the spool file is snort.alert,
> > > > > however, my command line specifies that the spool file should be
> > > > > /var/log/snort.log
> > > > > 
> > > > > Is there a good site or forum for troubleshooting Barnyard?
> > > > > Anyone got some ideas?
> > > > > 
> > > > > Scott
> > > > > ***************************
> > > > > Scott Renna
> > > > > Head Systems Administrator
> > > > > Dynamic Animation Systems
> > > > > 703-503-0500
> > > > > 
> > > > > ***************************
> > > > >
> > > > 
> > > > 
> > > 
> > > 
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: VM Ware
> > > With VMware you can run multiple operating systems on a single 
> > > machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual 
> > > machines at the same time. Free trial click here: 
> > > http://www.vmware.com/wl/offer/345/0
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
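
The symptom in this thread is that outputs listed in barnyard.conf are dropped with only a startup warning when the binary was built without ENABLE_MYSQL. The script below is an added example, not part of the original messages or of barnyard: it compares the `output` lines of a config against the "Unknown output plugin" warnings in captured startup output. The function names, sample files and database credentials are constructed for illustration.

```shell
#!/bin/sh
# Added example (not barnyard code): list output plugins that barnyard.conf
# asks for but the binary reported as unknown at startup.

# Plugin names from uncommented "output <name>[: args]" lines.
configured_outputs() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}\([A-Za-z0-9_]\{1,\}\).*/\1/p' "$1" |
        LC_ALL=C sort -u
}

# Plugin names from 'Unknown output plugin "<name>"' warnings. grep -o is
# used because several warnings can share one line in the captured output.
ignored_outputs() {
    grep -o 'Unknown output plugin[[:space:]]*"[^"]*"' "$1" |
        sed 's/.*"\([^"]*\)"/\1/' | LC_ALL=C sort -u
}

# Print configured-but-ignored plugins; return 1 if there are any.
dropped_outputs() {
    t=$(mktemp -d) || return 2
    configured_outputs "$1" > "$t/conf"
    ignored_outputs "$2" > "$t/ign"
    dropped=$(LC_ALL=C comm -12 "$t/conf" "$t/ign")
    rm -rf "$t"
    if [ -n "$dropped" ]; then printf '%s\n' "$dropped"; return 1; fi
    return 0
}

# Constructed sample input, modelled on the config and startup output above.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/barnyard.conf" <<'EOF'
# output log_pcap
output alert_fast
output log_dump
output alert_acid_db: mysql, sensor_id 1, database snort, server localhost, user sensor, password CHANGEME
output log_acid_db: mysql, database snort, server localhost, user sensor, password CHANGEME, detail full
EOF
    cat > "$d/startup.log" <<'EOF'
Fast Alert plugin initialized
Log Dump plugin initialized
Parsing Config file: /usr/local/etc/barnyard.conf
WARNING /usr/local/etc/barnyard.conf(135) => Unknown output plugin "alert_acid_db" referenced, ignoring!WARNING /usr/local/etc/barnyard.conf(136) => Unknown output plugin "log_acid_db" referenced, ignoring!Archive Directory is NULL
EOF
    if dropped_outputs "$d/barnyard.conf" "$d/startup.log"; then rc=0; else rc=1; fi
    rm -rf "$d"
    return "$rc"
}

demo || echo "barnyard will not write alerts to the plugins listed above" >&2
```

Run against a real sensor, pass the live config and a capture of the startup output to `dropped_outputs`; a non-zero exit means alerts are not reaching at least one configured destination.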



